File name:

jetbrains-activator.exe

Full analysis: https://app.any.run/tasks/f32ddc14-66ab-414f-8bf0-ea1d9def2bb3
Verdict: Malicious activity
Analysis date: November 12, 2024, 10:24:51
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32+ executable (GUI) x86-64, for MS Windows, 8 sections
MD5:

9DFF2CDB371334619B15372AA3F6085C

SHA1:

EA651AF34BFE2052668E37BCD3F60696EBAFFA1C

SHA256:

3E52C0B97F67287C212E5BC779B0E7DD843FB0DF2EF11B74E1891898D492782C

SSDEEP:

98304:ScTE9EF5E3hzztBDbkGp2RIUR9gdK615JLeHmi+l4m08qqo0VBjLt3fFV4Ar2IIi:C+693MbDJIxny/h9CM/

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Creates file in the systems drive root

      • jetbrains-activator.exe (PID: 2576)
    • Executable content was dropped or overwritten

      • jetbrains-activator.exe (PID: 540)
    • Executes as Windows Service

      • AGSService.exe (PID: 1160)
    • Application launched itself

      • jetbrains-activator.exe (PID: 2576)
    • The process executes via Task Scheduler

      • PLUGScheduler.exe (PID: 2956)
  • INFO

    • Reads the computer name

      • jetbrains-activator.exe (PID: 2576)
    • Checks supported languages

      • jetbrains-activator.exe (PID: 2576)
    • Manual execution by a user

      • svchost.exe (PID: 2444)
      • svchost.exe (PID: 2568)
      • svchost.exe (PID: 2540)
      • spoolsv.exe (PID: 2584)
      • svchost.exe (PID: 2708)
      • svchost.exe (PID: 2840)
      • svchost.exe (PID: 2560)
      • svchost.exe (PID: 2892)
      • svchost.exe (PID: 3084)
      • OfficeClickToRun.exe (PID: 2912)
      • svchost.exe (PID: 2920)
      • AGSService.exe (PID: 2932)
      • svchost.exe (PID: 3044)
      • svchost.exe (PID: 2968)
      • svchost.exe (PID: 2960)
      • svchost.exe (PID: 2348)
      • svchost.exe (PID: 2792)
      • svchost.exe (PID: 3096)
      • svchost.exe (PID: 3952)
      • sppsvc.exe (PID: 4028)
      • svchost.exe (PID: 1208)
      • svchost.exe (PID: 3820)
      • svchost.exe (PID: 2644)
      • svchost.exe (PID: 4104)
      • svchost.exe (PID: 4164)
      • svchost.exe (PID: 3320)
      • svchost.exe (PID: 3840)
      • svchost.exe (PID: 772)
      • svchost.exe (PID: 4732)
      • svchost.exe (PID: 4312)
      • svchost.exe (PID: 4844)
      • svchost.exe (PID: 4672)
      • svchost.exe (PID: 4924)
      • svchost.exe (PID: 4952)
      • svchost.exe (PID: 3808)
      • TrustedInstaller.exe (PID: 5092)
      • svchost.exe (PID: 5184)
      • svchost.exe (PID: 5904)
      • svchost.exe (PID: 5632)
      • svchost.exe (PID: 5760)
      • Acrobat.exe (PID: 4640)
      • svchost.exe (PID: 6904)
      • svchost.exe (PID: 5764)
      • uhssvc.exe (PID: 2592)
      • svchost.exe (PID: 1980)
      • svchost.exe (PID: 1772)
      • svchost.exe (PID: 6076)
      • svchost.exe (PID: 2404)
      • svchost.exe (PID: 4492)
      • svchost.exe (PID: 3120)
      • svchost.exe (PID: 1180)
      • svchost.exe (PID: 6864)
      • Taskmgr.exe (PID: 4596)
      • svchost.exe (PID: 3032)
      • Taskmgr.exe (PID: 1584)
    • Application launched itself

      • Acrobat.exe (PID: 4640)
      • AcroCEF.exe (PID: 6852)
    • Sends debugging messages

      • Acrobat.exe (PID: 7084)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Generic Win/DOS Executable (50)
.exe | DOS Executable Generic (49.9)

EXIF

EXE

MachineType: AMD AMD64
TimeStamp: 2023:02:01 22:17:42+00:00
ImageFileCharacteristics: Executable, Large address aware
PEType: PE32+
LinkerVersion: 14.29
CodeSize: 9542656
InitializedDataSize: 9126400
UninitializedDataSize: -
EntryPoint: 0x8d77e8
OSVersion: 6
ImageVersion: 11
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 11.0.0.49893
ProductVersionNumber: 11.0.0.49893
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: -
FileDescription: -
FileVersion: 11.0.0.49893
LegalCopyright: -
OriginalFileName: jetbrains-activator.exe
ProductName: jetbrains-activator
ProductVersion: 11.0.0.49893
No data.
All screenshots are available in the full report
Total processes
308
Monitored processes
77
Malicious processes
0
Suspicious processes
0

Behavior graph

start start jetbrains-activator.exe no specs rundll32.exe no specs sppextcomobj.exe no specs slui.exe jetbrains-activator.exe agsservice.exe no specs slui.exe no specs svchost.exe no specs svchost.exe no specs svchost.exe no specs svchost.exe no specs svchost.exe no specs spoolsv.exe no specs svchost.exe no specs svchost.exe no specs svchost.exe no specs officeclicktorun.exe svchost.exe no specs agsservice.exe no specs svchost.exe no specs svchost.exe no specs svchost.exe no specs svchost.exe no specs svchost.exe svchost.exe no specs svchost.exe no specs svchost.exe no specs svchost.exe no specs svchost.exe no specs svchost.exe no specs svchost.exe no specs svchost.exe no specs sppsvc.exe no specs svchost.exe no specs svchost.exe no specs plugscheduler.exe no specs svchost.exe no specs svchost.exe no specs ctfmon.exe no specs svchost.exe no specs svchost.exe no specs svchost.exe no specs svchost.exe no specs svchost.exe no specs svchost.exe trustedinstaller.exe no specs svchost.exe no specs svchost.exe no specs svchost.exe no specs svchost.exe no specs svchost.exe no specs acrobat.exe acrobat.exe no specs acrocef.exe no specs acrocef.exe no specs acrocef.exe no specs acrocef.exe no specs acrocef.exe acrocef.exe no specs acrocef.exe no specs acrocef.exe no specs acrocef.exe no specs acrocef.exe no specs svchost.exe svchost.exe no specs svchost.exe svchost.exe no specs svchost.exe no specs uhssvc.exe no specs svchost.exe no specs svchost.exe no specs svchost.exe no specs svchost.exe no specs taskmgr.exe no specs svchost.exe no specs consent.exe no specs taskmgr.exe

Process information

PID
CMD
Path
Indicators
Parent process
PID: 540
CMD: "C:\Users\admin\Desktop\jetbrains-activator.exe" "C:\Users\admin\Desktop\jetbrains-activator.exe"
Path: C:\Users\admin\Desktop\jetbrains-activator.exe
Parent process: jetbrains-activator.exe
User:
admin
Integrity Level:
HIGH
Exit code:
0
Version:
11.0.0.49893
Modules
Images
c:\users\admin\desktop\jetbrains-activator.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
PID: 760
CMD: consent.exe 6864 316 00000236E4428CC0
Path: C:\Windows\System32\consent.exe
Parent process: svchost.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Consent UI for administrative applications
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\consent.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\user32.dll
PID: 772
CMD: C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup -s WpnUserService
Path: C:\Windows\System32\svchost.exe
Parent process: services.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Host Process for Windows Services
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\kernel.appcore.dll
PID: 1160
CMD: "C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe"
Path: C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
Parent process: services.exe
User:
SYSTEM
Integrity Level:
SYSTEM
Exit code:
4294967295
Modules
Images
c:\program files (x86)\common files\adobe\adobegcclient\agsservice.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
PID: 1180
CMD: C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc
Path: C:\Windows\System32\svchost.exe
Parent process: services.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Host Process for Windows Services
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\kernel.appcore.dll
PID: 1208
CMD: C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc
Path: C:\Windows\System32\svchost.exe
Parent process: services.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Host Process for Windows Services
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\kernel.appcore.dll
PID: 1396
CMD: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=gpu-process --log-severity=disable --user-agent-product="ReaderServices/23.1.20093 Chrome/105.0.0.0" --lang=en-US --gpu-preferences=UAAAAAAAAADgACAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1608 --field-trial-handle=1624,i,1501462349425259782,7362436772716291313,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:2
Path: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Parent process: AcroCEF.exe
User:
admin
Company:
Adobe Systems Incorporated
Integrity Level:
LOW
Description:
Adobe AcroCEF
Exit code:
0
Version:
23.1.20093.0
Modules
Images
c:\program files\adobe\acrobat dc\acrobat\acrocef_1\acrocef.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
PID: 1584
CMD: "C:\WINDOWS\system32\taskmgr.exe" /4
Path: C:\Windows\System32\Taskmgr.exe
Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Task Manager
Exit code:
3221226540
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\taskmgr.exe
c:\windows\system32\ntdll.dll
PID: 1772
CMD: C:\WINDOWS\System32\svchost.exe -k netsvcs -p -s BITS
Path: C:\Windows\System32\svchost.exe
Parent process: services.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Host Process for Windows Services
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\kernel.appcore.dll
PID: 1980
CMD: C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s SSDPSRV
Path: C:\Windows\System32\svchost.exe
Parent process: services.exe
User:
LOCAL SERVICE
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Host Process for Windows Services
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\kernel.appcore.dll
Total events
67 614
Read events
66 903
Write events
612
Delete events
99

Modification events

(PID) Process: (2576) jetbrains-activator.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU
Operation: write
Name: NodeSlots
Value:
020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202
(PID) Process: (2576) jetbrains-activator.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU
Operation: write
Name: MRUListEx
Value:
0400000000000000030000000E000000100000000F0000000C0000000D0000000B000000050000000A000000090000000800000001000000070000000600000002000000FFFFFFFF
(PID) Process: (2576) jetbrains-activator.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\4
Operation: write
Name: MRUListEx
Value:
010000000000000004000000050000000200000003000000FFFFFFFF
(PID) Process: (2576) jetbrains-activator.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\34\Shell
Operation: write
Name: SniffedFolderType
Value:
Generic
(PID) Process: (2576) jetbrains-activator.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
Operation: write
Name: GlobalAssocChangedCounter
Value:
96
(PID) Process: (2576) jetbrains-activator.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\4
Operation: write
Name: MRUListEx
Value:
000000000100000004000000050000000200000003000000FFFFFFFF
(PID) Process: (2576) jetbrains-activator.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\34\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
Operation: write
Name: Mode
Value:
4
(PID) Process: (2576) jetbrains-activator.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\34\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
Operation: write
Name: LogicalViewMode
Value:
1
(PID) Process: (2576) jetbrains-activator.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\34\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
Operation: write
Name: FFlags
Value:
(PID) Process: (2576) jetbrains-activator.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\34\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
Operation: write
Name: IconSize
Value:
16
Executable files
7
Suspicious files
181
Text files
28
Unknown types
26

Dropped files

PID | Process | Filename | Type
2960 | svchost.exe | C:\Windows\System32\sru\SRUDB.dat | -
MD5:
SHA256:
540 | jetbrains-activator.exe | C:\ja-netfilter-files\config-jetbrains\power.conf | text
MD5:25E529ACCB85415C8C2B40FCE1AB65F5
SHA256:05C70700CB0A3E8E7C596205CEBE7284B2F7FBDF5F6BEEB4424730A753239701
540 | jetbrains-activator.exe | C:\ja-netfilter-files\plugins-jetbrains\dns.jar | java
MD5:4F3C516C1704A5569725246D57DD1AE7
SHA256:D1150B1831B112B93D74A34A10CE6C11606E0D2255D532C29F91F1D92B40A552
540 | jetbrains-activator.exe | C:\ja-netfilter-files\ja-netfilter.jar | java
MD5:2FA1B1364515DCE93EB67C423B570DEB
SHA256:3ACC4E9D91793F6909458A4761B75B6DA45C8868E75DCA33C9FEC63659202995
540 | jetbrains-activator.exe | C:\ja-netfilter-files\plugins-jetbrains\native.jar | java
MD5:D53081E7676F669061695827209B0FBD
SHA256:88E419764B31134E74E4A968015F6F80DA497EEFCD4AEFF77D7C2CE57CB5EFCD
540 | jetbrains-activator.exe | C:\ja-netfilter-files\plugins-jetbrains\hideme.jar | java
MD5:CDAB6A30B0949A741F13935F5483C303
SHA256:FA14C735AB9FED3F3A5DF0DC78A5D38AE0A146099DDC858197E9F528BD996C40
540 | jetbrains-activator.exe | C:\ja-netfilter-files\plugins-jetbrains\power.jar | java
MD5:D8711B73BC0507DBDC841B098AF99787
SHA256:7819E5B968CE5EA2E638E53D84089D35E89E9EA3088F18F8DBF6DD38D14AB25A
540 | jetbrains-activator.exe | C:\ja-netfilter-files\config-jetbrains\url.conf | text
MD5:FEA2BFBEDDA20D5AD9429F537E15F4CE
SHA256:88E1DCA8019AD412CF2C6FBD947A83786CFFC7B32F1EE35594D25D1F38FAE5F8
4028 | sppsvc.exe | C:\Windows\System32\spp\store\2.0\data.dat.tmp | binary
MD5:5DDD8388A80B4BB746806A9759F4248F
SHA256:780A0DDCB0A209C0384A889A8AC35D8B6E89EDF8DCEDF7391250B7B54E11BC9E
540 | jetbrains-activator.exe | C:\ja-netfilter-files\plugins-jetbrains\url.jar | java
MD5:6B181E5B8255DB4CD9BEB1C6AF5F420E
SHA256:CE5A83AEE31153CCA30274AC94467B316EDEA8CB28ACF72F52F5A72D455B1B43
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
10
TCP/UDP connections
88
DNS requests
42
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
4360
SearchApp.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
4640
Acrobat.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAbY2QTVWENG9oovp1QifsQ%3D
unknown
whitelisted
7044
SIHClient.exe
GET
200
23.37.237.227:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
6944
svchost.exe
GET
200
23.32.238.112:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
4952
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
3572
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
whitelisted
6664
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
whitelisted
7044
SIHClient.exe
GET
200
23.37.237.227:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
6944
svchost.exe
GET
200
23.37.237.227:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
6384
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
2660
RUXIMICS.exe
4.231.128.59:443
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:137
whitelisted
5488
MoUsoCoreWorker.exe
4.231.128.59:443
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
2.16.204.143:443
www.bing.com
Akamai International B.V.
DE
whitelisted
4360
SearchApp.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
6944
svchost.exe
4.231.128.59:443
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:138
whitelisted
6384
svchost.exe
20.190.159.0:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
6384
svchost.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
780
svchost.exe
23.218.210.69:443
go.microsoft.com
AKAMAI-AS
DE
whitelisted

DNS requests

Domain
IP
Reputation
www.bing.com
  • 2.16.204.143
  • 2.16.204.146
  • 2.16.204.139
  • 2.16.204.137
  • 2.16.204.141
  • 2.16.204.136
  • 2.16.204.140
  • 2.16.204.145
  • 2.16.204.138
  • 2.19.80.80
  • 2.19.80.24
  • 2.19.80.89
  • 2.19.80.27
  • 2.19.80.35
  • 2.19.80.123
  • 2.19.80.56
  • 2.19.80.75
  • 2.19.80.99
  • 2.19.80.88
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
google.com
  • 216.58.206.46
whitelisted
login.live.com
  • 20.190.159.0
  • 40.126.31.73
  • 20.190.159.2
  • 20.190.159.71
  • 40.126.31.71
  • 20.190.159.68
  • 20.190.159.23
  • 40.126.31.69
  • 40.126.32.72
  • 20.190.160.17
  • 40.126.32.140
  • 40.126.32.134
  • 40.126.32.74
  • 40.126.32.133
  • 20.190.160.22
  • 40.126.32.136
whitelisted
go.microsoft.com
  • 23.218.210.69
  • 184.28.89.167
whitelisted
th.bing.com
  • 2.16.204.161
  • 2.16.204.136
  • 2.16.204.139
  • 2.16.204.138
  • 2.16.204.132
  • 2.16.204.137
  • 2.16.204.158
  • 2.16.204.135
  • 2.16.204.134
  • 2.19.80.123
  • 2.19.80.27
  • 2.19.80.89
  • 2.19.80.75
  • 2.19.80.80
  • 2.19.80.24
  • 2.19.80.17
  • 2.19.80.56
  • 2.19.80.88
whitelisted
client.wns.windows.com
  • 40.115.3.253
whitelisted
settings-win.data.microsoft.com
  • 40.127.240.158
  • 20.73.194.208
whitelisted
crl.microsoft.com
  • 23.32.238.112
  • 23.32.238.107
whitelisted
www.microsoft.com
  • 23.37.237.227
whitelisted

Threats

No threats detected
No debug info